AvatarEditorService should have server-side methods for checking inventory-based information

As a Roblox developer, it is currently too hard to verify the authenticity of player-inventory results. As of currently; AvatarEditorService:GetInventory, AvatarEditorService:GetOutfits and less-importantly AvatarEditorService:GetFavorite are all required to be run on the client. This means if we wish to run these from the server; we need to send these over via remote event from the client and verify the integrity of the data on the server.

Unfortunately, it is near-impossible to do this; current workarounds look like this:

  • GetInventory; spam hundreds of requests to MarketplaceService:UserOwnsAsset. This can take an extreme amount of time to complete and steals away from our rate limit for MarketplaceService; we are practically locked out of using MarketplaceService for anything else while doing this.

  • GetOutfits; no workaround. There is no good API to check for outfit ownership.

  • GetFavorite; no workaround. Lacking permissions to check for this.

If Roblox is able to address this issue, it would improve my development experience because I could more easily make use of AvatarEditorService’s inventory APIs for operations that need to be run on the server.

2 Likes